
List:       full-disclosure
Subject:    [Full-disclosure] TELUS Security Labs VR - Novell ZENworks Handheld
From:       TELUS Security Labs - Vulnerability Research <noreply () telus ! com>
Date:       2011-01-28 19:35:41
Message-ID: 20110128193541.ECF6568019A () sticky ! vrt ! telus ! com

Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow

TSL ID: FSC20110125-06

1. Affected Software

    Novell ZENworks Handheld Management 7.0

Reference: http://www.novell.com/products/zenworks/handhelds

2. Vulnerability Summary

A buffer overflow vulnerability exists in Novell ZENworks Handheld Management that could be
exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges
on a vulnerable server.

3. Vulnerability Analysis

The vulnerability is due to a boundary error in the IP Conduit Service, ZfHIPCND.exe. If a
crafted packet is sent to the service on port 2400/TCP, it allocates a fixed size heap buffer
and copies the client device information into it without validating the string size. This could
be exploited by attackers to overflow the buffer and possibly execute arbitrary code with the
privileges of the ZfHIPCND.exe service, by default SYSTEM.
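
The class of defect described above, shown next to a bounds-checked form. This is an added
example, not code from the advisory or from Novell; the function names, the 64-byte buffer
size and the NUL-terminated field layout are assumptions made for illustration.

```c
/* Added illustration only: function names, the 64-byte size and the
   NUL-terminated field layout are assumptions, not ZfHIPCND.exe internals. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEVINFO_BUF_SIZE 64   /* assumed fixed heap allocation */

/* Unsafe pattern: strcpy() trusts the peer to terminate the string within
   DEVINFO_BUF_SIZE bytes, so a longer field writes past the heap chunk. */
char *copy_device_info_unchecked(const uint8_t *field)
{
    char *buf = malloc(DEVINFO_BUF_SIZE);
    if (buf != NULL)
        strcpy(buf, (const char *)field);
    return buf;
}

/* Hardened form: 'avail' is the number of bytes actually received for the
   field. Returns a heap copy, or NULL if the string is unterminated within
   the received data or does not fit the buffer (caller drops the packet). */
char *copy_device_info_checked(const uint8_t *field, size_t avail)
{
    if (field == NULL || avail == 0)
        return NULL;
    const uint8_t *nul = memchr(field, '\0', avail);
    if (nul == NULL)
        return NULL;                      /* would read past the packet */
    size_t len = (size_t)(nul - field);
    if (len >= DEVINFO_BUF_SIZE)
        return NULL;                      /* would overflow the buffer */
    char *buf = malloc(DEVINFO_BUF_SIZE);
    if (buf != NULL)
        memcpy(buf, field, len + 1);      /* includes the terminator */
    return buf;
}

int main(void)
{
    uint8_t ok[] = "PDA-01";              /* constructed sample inputs */
    uint8_t big[201];
    memset(big, 'A', 200);
    big[200] = '\0';
    char *a = copy_device_info_checked(ok, sizeof ok);
    char *b = copy_device_info_checked(big, sizeof big);
    printf("short field: %s\n", a ? a : "(rejected)");
    printf("200-byte field: %s\n", b ? b : "(rejected)");
    free(a);
    free(b);
    return 0;
}
```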

4. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

    ZENworks Handheld Management 7.0 (ZfHIPCND.exe version 7.0.2.1029 Build 10/29/10)

5. Workaround

Do not allow untrusted hosts to access the vulnerable service.

6. Vendor Response

Patches have been made available by the vendor to eliminate this vulnerability:

http://www.novell.com/support/viewContent.do?externalId=7007663
http://download.novell.com/Download?buildid=x_x4cdA5yT8~

7. Disclosure Timeline

  2010-12-21 Reported to the vendor
  2010-12-21 Vendor response
  2011-01-25 Vendor released patches and advisory
  2011-01-26 Published TSL advisory

8. Credits

Junaid Bohio of Vulnerability Research Team, TELUS Security Labs

9. References

  CVE: Not available 

  Vendor: http://www.novell.com/support/viewContent.do?externalId=7007663

  http://telussecuritylabs.com/threats/show/FSC20110125-06

10. About TELUS Security Labs

TELUS Security Labs, formerly Assurent Secure Technologies, is the leading provider of security
research. Our research services include:

    * Vulnerability Research
    * Malware Research
    * Signature Development
    * Shellcode Exploit Development
    * Application Protocols
    * Product Security Testing
    * Security Content Development (parsers, reports, alerts)

TELUS Security Labs provides a specialized portfolio of services to assist security product
vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of
our services are provided on a subscription basis to reduce research costs for our customers.
Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.

http://telussecuritylabs.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
